AMENDMENTS TO THE CLAIMS

Pursuant to 37 C.F.R. § 1.121 the following listing of claims will replace all prior versions, 
and listings, of claims in the application. 

Listing of Claims: 

1. (Previously presented) A method for a roaming user to establish a security association with
an application server in a visited network, wherein the roaming user has completed a mutual 
authentication with a Bootstrapping Server Function (BSF) that performs user identity initial 
verification in a generic authentication architecture in his home network, and obtained a 
Bootstrapping-Transaction Identifier (B-TID) assigned to him by the BSF, comprising: 

receiving a service request message, by the application server in the visited network, from the 
roaming user containing the B-TID; 

obtaining, by the application server in the visited network, the roaming user's user information 
comprising the user authentication results of the generic authentication architecture in the roaming 
user's home network, wherein the user information is associated with the B-TID; 

establishing a security association with the roaming user, by the application server in the 
visited network, according to the user authentication results of the generic authentication 
architecture in the roaming user's home network. 

2. (Original) The method according to Claim 1, wherein, the step of obtaining the roaming 
user's user information comprises: 

the application server in the visited network sending a query message to an authentication 
entity in the local network to inquire the user information associated with the B-TID; 

the authentication entity which received the message finding out the home network to which 
the user belongs according to the B-TID in the message, and acquiring the user information 
associated with the B-TID from the BSF in the roaming user's home network, and returning the 
acquired the user information to the application server;

the application server in the visited network obtaining the user information according to a
response message returned from the authentication entity. 

3. (Original) The method according to Claim 2, the authentication entity in the visited network 
is a BSF or a generic authentication architecture proxy in the visited network; 

the step of the BSF or the generic authentication architecture proxy in the visited network 
acquiring the user information associated with the B-TID from the roaming user's home network 
comprises: 

the BSF or the generic authentication architecture proxy in the visited network directly sending 
a query message to the BSF in the roaming user's home network, inquiring the user information 
associated with the B-TID; and obtaining the user information associated with the B-TID from the 
response message returned by the BSF in the roaming user's home network. 

4. (Original) The method according to Claim 3, wherein the generic authentication architecture 
proxy in the visited network is an independent server, or a server combined with an AAA server in 
the local network, or a server combined with the application server in the local network. 

5. (Previously presented) The method according to Claim 2, wherein, the authentication entity
in the visited network is the AAA server in the visited network; 

the step of the AAA server in the visited network acquiring the user information associated 
with the B-TID from the BSF in the roaming user's home network comprises: 

the AAA server in the visited network sending a query message to the AAA server in the 
roaming user's home network, inquiring the information associated with the B-TID;

the AAA server in the home network inquiring the BSF in the local network, after the BSF in 
the local network finding the user information associated with the B-TID, it returning a response 
message, with the user information associated with the B-TID in it, to the local AAA server, and the 
AAA server returning a response message, with the user information associated with the B-TID in 
it, to the AAA server in the visited network; the AAA server in the visited network obtaining the 
user information associated with the B-TID from the response message returned by the AAA server
in the roaming user's home network. 

6. (Original) The method according to Claim 1, wherein, the step of obtaining the roaming 
user's user information comprises: 

the application server in the visited network notifying the roaming user that the B-TID is an
illegal identity, and indicating the user to use a permanent identity; 

having received the service request message from the roaming user again, with the permanent 
identity carried in the message, the application server in the visited network sending an 
authentication request to a AAA server in the local network; the AAA server in the visited network 
finding out the user's home network according to the user's permanent identity, and sending another 
authentication request to the AAA server in the roaming user's home network; 

having received the authentication request from the AAA server in the visited network, the 
AAA server in the home network sending a request to the BSF in the local network for 
authentication of the user; 

the BSF in the home network carrying out mutual authentication with the user via the AAA
server in the local network, the AAA server in the visited network and the application server in the 
visited network, after successful authentication, the BSF in the home network directly returning a 
successful authentication message carrying the user information to the AAA server in the local 
network, and the AAA server in the local network returning the successful authentication message 
to the AAA server in the visited network; 

the application server in the visited network obtaining the roaming user's user information 
from the successful authentication message returned by the AAA server in the local network. 

7. (Original) The method according to Claim 1, wherein the user information comprises at 
least: key information and the user's identity. 

8. (Original) The method according to Claim 2, wherein the user information comprises at 
least: key information and the user's identity. 




Application No. 10/591,065
Amendment dated December 11, 2009
After Final Office Action of September 11, 2009
Docket No.: 21370/0212122-US0



9. (Original) The method according to Claim 6, wherein the user information comprises at 
least: key information and the user's identity. 

10. (Original) The method according to Claim 7, wherein the user information also comprises 
the profile information associated with security. 

11. (Original) The method according to Claim 8, wherein the user information also comprises
the profile information associated with security. 

12. (Original) The method according to Claim 9, wherein the user information also comprises 
the profile information associated with security. 

13. (Original) The method according to Claim 7, wherein the key information is a shared key 
Ks generated in authentication, or a Ks-derived key and its valid term. 

14. (Original) The method according to Claim 8, wherein the key information is a shared key 
Ks generated in authentication, or a Ks-derived key and its valid term. 

15. (Original) The method according to Claim 9, wherein the key information is a shared key 
Ks generated in authentication, or a Ks-derived key and its valid term. 